I don't know if anyone else actually uses RSA malware but would like to share our pet peeve issue with it.
Basically the static analysis engine is tied to major releases and minor releases and is not openly customer-customizable e.g. via yara.
E.g. most recently - doesn’t work correctly for PoC and mal docs for [as in malicious files used in crimeware and targeted attacks no longer get passed to the sandbox and analysed]
https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/ <- used in the wild in crimeware [our partner orgs also report targeted attacks]
We’ve previously raised similar issues with the malware server.
^ essentially there needs to be a live deployable AND customer yara sig way of adding signatures and adjusting static scores WITHOUT new RPMs
e.g. yara sig here https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
To put it more simply: customers need to be able to respond to network file threats in an adequate manner - including rapidly deploying detection rules for Office 2003/2010 static rules. [as in extracted XML content from 2010 too]
if anyone is actually using Malware server - go ping your account manager
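Added example (not the poster's code, nor RSA's or NVISO's): the kind of customer-side static check the post is asking to deploy quickly, written in Python over the extracted XML of an Office 2007+ document rather than as a yara rule. It unzips a .docx in memory, walks the WordprocessingML parts, reassembles field instructions that Word splits across several `<w:instrText>` runs, and flags any `DDE` / `DDEAUTO` field. The .docx inputs are constructed inline for the example; the DDE field arguments are placeholders, not a real server/topic pair.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Real WordprocessingML namespace used by word/*.xml parts.
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# Field instruction keywords that start a DDE link; case-insensitive.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)


def field_instructions(document_xml: bytes) -> list[str]:
    """Return every field instruction string in one WordprocessingML part.

    Word frequently saves one field instruction as several consecutive
    <w:instrText> runs, so the runs of each paragraph are joined before
    matching. <w:fldSimple w:instr="..."> carries the instruction as an
    attribute and is collected too.
    """
    root = ET.fromstring(document_xml)
    found = []
    for para in root.iter(f"{{{W_NS}}}p"):
        pieces = [t.text or "" for t in para.iter(f"{{{W_NS}}}instrText")]
        if pieces:
            found.append("".join(pieces))
        for fld in para.iter(f"{{{W_NS}}}fldSimple"):
            instr = fld.get(f"{{{W_NS}}}instr")
            if instr:
                found.append(instr)
    return found


def scan_docx(data: bytes) -> list[str]:
    """Return '<part>: <instruction>' for each DDE field in a .docx (empty list = clean)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Fields can sit in the body, headers, footers, footnotes, ...
            if name.startswith("word/") and name.endswith(".xml"):
                try:
                    for instr in field_instructions(zf.read(name)):
                        if DDE_RE.search(instr):
                            hits.append(f"{name}: {' '.join(instr.split())}")
                except ET.ParseError:
                    continue  # not a WordprocessingML part, skip it
    return hits


def _docx(document_xml: str) -> bytes:
    """Build a minimal in-memory .docx (constructed test data, not a real Office file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed samples: a clean document, a DDEAUTO field split across two runs
# (as Word saves it), and a lowercase fldSimple variant.
CLEAN = _docx(
    f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r><w:t>hello</w:t></w:r>'
    '</w:p></w:body></w:document>'
)
SPLIT_DDE = _docx(
    f'<w:document xmlns:w="{W_NS}"><w:body><w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">AUTO placeholder_app placeholder_topic </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p></w:body></w:document>'
)
SIMPLE_DDE = _docx(
    f'<w:document xmlns:w="{W_NS}"><w:body><w:p>'
    '<w:fldSimple w:instr=" dde placeholder_app placeholder_topic ">'
    '<w:r><w:t>x</w:t></w:r></w:fldSimple>'
    '</w:p></w:body></w:document>'
)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("split", SPLIT_DDE), ("simple", SIMPLE_DDE)):
        print(label, scan_docx(sample))
```

The join-the-runs step is the part that matters for a static score: matching `DDEAUTO` as a single string inside the raw XML misses documents where Word wrote ` DDE` and `AUTO ...` as separate runs, which is exactly the sort of adjustment the post wants to be able to push without waiting for a new RPM.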